
GMC forums cyber attack.


235 replies to this topic

#201 SamimNoorzaiTGC

SamimNoorzaiTGC

    GMC Member

  • GMC Member
  • 98 posts
  • Version:GM:Studio

Posted 16 December 2015 - 11:27 AM

Thanks for announcing. You should take security much more seriously. We don't want to lose the GMC forums!


  • 0

#202 Slammin Sam

Slammin Sam

    I craft juicy things

  • GMC Member
  • 854 posts
  • Version:GM:Studio

Posted 21 December 2015 - 12:10 AM

"We've done what we can to help protect the forums, but we're all human, and no software is totally secure, and if someone really wants in, there's not a lot we can do about it."

- Mike, 2013

 

Really hope you guys change your attitude to security, and soon. This stuff can have serious consequences for forum members. If the forum software is inherently insecure, it's probably time for an upgrade.


  • 2

Nothing to see here...move along


#203 TDSrock

TDSrock

    Aedifex Praecantatio

  • GMC Member
  • 915 posts
  • Version:GM:Studio

Posted 21 December 2015 - 12:53 AM

"We've done what we can to help protect the forums, but we're all human, and no software is totally secure, and if someone really wants in, there's not a lot we can do about it."
- Mike, 2013

 
Really hope you guys change your attitude to security, and soon. This stuff can have serious consequences for forum members. If the forum software is inherently insecure, it's probably time for an upgrade.

Unfortunately life isn't that simple.
If the hackers have enough computational power they can get into anything that is on the same grid as them. The only things that would be a challenge would be things that have their own separate network that is sealed off from all other networks.

Besides that. Yes YoYogames should do their best to ensure security. But don't expect them to ever be impenetrable. Google isn't either.
  • 0



#204 Slammin Sam

Slammin Sam

    I craft juicy things

  • GMC Member
  • 854 posts
  • Version:GM:Studio

Posted 21 December 2015 - 01:06 AM

 

 

"We've done what we can to help protect the forums, but we're all human, and no software is totally secure, and if someone really wants in, there's not a lot we can do about it."
- Mike, 2013

 
Really hope you guys change your attitude to security, and soon. This stuff can have serious consequences for forum members. If the forum software is inherently insecure, it's probably time for an upgrade.

 

Unfortunately life isn't that simple.
If the hackers have enough computational power they can get into anything that is on the same grid as them. The only things that would be a challenge would be things that have their own separate network that is sealed off from all other networks.

Besides that. Yes YoYogames should do their best to ensure security. But don't expect them to ever be impenetrable. Google isn't either.

 

 

Yes, but 3 forum hacks in 2 years is a pretty bad record. I don't think "The forum software is insecure and there's nothing we can do about it" would fly for most. I don't expect them to be impenetrable (note I never said that), but that doesn't mean they should be okay with being as penetrable as a pin cushion. 


  • 1

Nothing to see here...move along


#205 Mike.Dailly

Mike.Dailly

    Evil YoYo Games Employee

  • Administrators
  • 5277 posts
  • Version:GM:Studio

Posted 21 December 2015 - 11:34 AM

We're on the latest patch, but come the new year, we're going to wipe the machine and start from scratch, installing the latest version of IPB. We're running 3.4.7, but there is a 4.x.x version. Major upgrades require a huge amount of work to upgrade them, so we'll be planning this out early in the new year.

 

Along with this, we're going to put on the latest OS and install some suggested monitoring software from Playtech. They've got some great security folk and have given us some ideas about tools and practices which we're going to implement - the reinstall from scratch being one of them. I don't think any of this will outright stop a hack, but their suggestions will minimise access, and reveal them very quickly. There's some good stuff in there so I'm very positive about just how effective this will be.


  • 10

#206 TsukaYuriko

TsukaYuriko

    Remember... and never forget

  • Global Moderators
  • 9535 posts
  • Version:GM:Studio

Posted 21 December 2015 - 11:37 AM

Does "start from scratch" include "wipe everything on the GMC", or will member accounts, topics, posts and whatnot be migrated?


  • 2



#207 Mr.ACT8113

Mr.ACT8113

    Protege of the Duck

  • New Member
  • 2 posts
  • Version:GM8.1

Posted 21 December 2015 - 03:20 PM

I can't seem to change my password :/


  • 0

#208 Mike.Dailly

Mike.Dailly

    Evil YoYo Games Employee

  • Administrators
  • 5277 posts
  • Version:GM:Studio

Posted 21 December 2015 - 05:06 PM

No, we'll import the current Database. The new forum software will upgrade it for us..... But all the software will be installed from scratch.


  • 0

#209 Bleed

Bleed

    Chevalier

  • GMC Member
  • 763 posts
  • Version:GM:Studio

Posted 21 December 2015 - 05:36 PM

No, we'll import the current Database. The new forum software will upgrade it for us..... But all the software will be installed from scratch.

 

Oh noes, rants regarding the new theme and software incoming. Here's mine, just to get it out of the way -- "boooo!"

Also, is version 4.x already out of beta? I remember it being rather controversial on that.

 

EDIT :

Ah, never mind, version 4.1.2 is the latest stable release, that one will do maybe.


Edited by Bleed, 21 December 2015 - 05:55 PM.

  • 0



#210 RekNepZ

RekNepZ

    GMC Historian

  • GMC Member
  • 718 posts
  • Version:GM:Studio

Posted 21 December 2015 - 09:14 PM

Well, I for one am looking forward to the update. I like a little change every once in a while, and the site feels pretty broken right now.


  • 0

AczgxAZ.png

^kept in my sig for historical purposes^


#211 Ninety

Ninety

    I just want to see if the mods will waive the character limit.

  • GMC Member
  • 846 posts
  • Version:Unknown

Posted 21 December 2015 - 09:57 PM

the site feels pretty broken right now.


Iͯ͐̌͊̍̏҉̻̯̱̪̳̼ ̹͎̺̲͆̇̃̒̀ͤd̡͇̙̥̰̮͒̓ͅo̙̬͖̥̚n̘̬̠̯̰ͨ̈̉̾'̘̲̮͂̊̉̒t̹̯̙ͨ̉̂ͩ̈́ͅ ̝ͭ̃ͧk̮̙͚ͫ́ͪn͑͆͂̉҉̦̥͕̟͎̝o̱̖̱̤͔͉̯͆̍̆̀̀͘w̗͖̳̣ ̢̭͓̣͙́̐ͫ͌ŵ͎͇̟̟̂͗͘h͓͚̍ͣ̐ͯa̤̐́͑̈͐t̝̟̱̄͡ ̴̞͈̦͚͇̉y̸̤̗͔̲͉ͅȍ̱͓̮́̊ͫ̿ͪ͜uͩ̋ͬ̑̓̾͏̫̲͔̻̠͎̟'͙͇͌̀̐ͧͅr̷͙̳̤̥̠̝̒̑̋̋e̮̗ͮͥ́̀̚ ̶̭̠̫ͧt͙̺̯͕͖͇ͫ͛͋͠a̴͋͂̍̃͌̓l̳̗̙̘̰̼̜̓̑̽̕k̴̦̠̣̜̩ͬ͆̾ͫi͌͏͔̯n̵̞̻̖̟̹̰ͧͪͫ̚g͛̑̇ͧ̍̀͞ ̡͕͕̯̻̦̞͚ͪ̇̓͌͒̄̚àͪ̓͏̟͓̥͇ḃ͌͂̒ó̥̝̠̲͊̓ͦͩͤű̮̮͕ͮ͂ͮt̛͎̲̳͔̣́̎ͅ


  • 1

twitter | soundcloud | gmcomicified | ask.fm | homestead | itch.io | TIGsource

 

goodnight, sweet prince


#212 SuperMarcelo'sGames

SuperMarcelo'sGames

    GMC Member

  • New Member
  • 7 posts
  • Version:GM8

Posted 29 December 2015 - 06:07 AM

how do i quit the up letters?  :huh:

 



Edited by SuperMarcelo'sGames, 29 December 2015 - 06:10 AM.

  • 0

Supeeer Marcelooo Gaaaames :P

By SuperMarcelo'sGames  :lol:


#213 GameGoblin

GameGoblin

    GMC Member

  • GMC Member
  • 4325 posts
  • Version:GM:Studio

Posted 29 December 2015 - 07:15 AM

how do i quit the up letters?

What?
  • 1

#214 FmMan3

FmMan3

    GMC Member

  • GMC Member
  • 189 posts
  • Version:GM:Studio

Posted 01 January 2016 - 03:09 AM

So, when are we going to, you know... Beef up the security of the forums?

 

I've been a part of these forums for seven years now, approaching eight, and this has been a theme throughout that time... Can YoYo please start taking this seriously, because I'm tired of receiving news about this **** on a reoccurring basis.


Edited by FmMan3, 01 January 2016 - 03:11 AM.

  • 0
Signatures are nothing but a fad.

#215 Lukan Spellweaver

Lukan Spellweaver

    Gay Wizard Freak & mcmonkey's plaything

  • GMC Member
  • 3704 posts
  • Version:GM:Studio

Posted 01 January 2016 - 08:41 AM

So, when are we going to, you know... Beef up the security of the forums?

 

I've been a part of these forums for seven years now, approaching eight, and this has been a theme throughout that time... Can YoYo please start taking this seriously, because I'm tired of receiving news about this **** on a reoccurring basis.

 

 

We're on the latest patch, but come the new year, we're going to wipe the machine and start from scratch, installing the latest version of IPB. We're running 3.4.7, but there is a 4.x.x version. Major upgrades require a huge amount of work to upgrade them, so we'll be planning this out early in the new year.

 

Along with this, we're going to put on the latest OS and install some suggested monitoring software from Playtech. They've got some great security folk and have given us some ideas about tools and practices which we're going to implement - the reinstall from scratch being one of them. I don't think any of this will outright stop a hack, but their suggestions will minimise access, and reveal them very quickly. There's some good stuff in there so I'm very positive about just how effective this will be.


  • 0


Find me on Itch.io | GameJolt | YouTube | Twitter | Facebook | Website | Ask.FM

 GMC Google Hangout | I liek monkehs

The GMC, here lies she. Kicked to the curb, with nary a word. She shall live on, though. Remain strong, bros.

Also: MIKE DAILLY TOLD ME TO UPDATE MY SIGNATURE


#216 HopelessComposer

HopelessComposer

    GMC Member

  • GMC Member
  • 1337 posts
  • Version:GM:Studio

Posted 02 January 2016 - 01:24 AM

New year is here! :)


  • 0

#217 csanyk

csanyk

    GMC Member

  • GMC Member
  • 624 posts
  • Version:GM:Studio

Posted 06 January 2016 - 10:32 PM

If only True Valhalla were still here to have a cup of tea and a chat with the hackers \o/

 

What happened to True Valhalla?


  • 0

#218 Smarty

Smarty

    GMC Member

  • GMC Elder
  • 7522 posts
  • Version:GM:Studio

Posted 09 January 2016 - 12:06 AM

If only True Valhalla were still here to have a cup of tea and a chat with the hackers \o/

 
What happened to True Valhalla?


Not much. He offered his website to let a script kiddie brag about hacking this forum, and then got booted from his staff position. Feeling satisfactorily martyred, he sometimes comes back here acting like he's Snowden.

Oh, hi there True V, long time no see. How's Moscow?
  • 3

#219 HopelessComposer

HopelessComposer

    GMC Member

  • GMC Member
  • 1337 posts
  • Version:GM:Studio

Posted 10 January 2016 - 06:19 AM

^True V also makes a good deal of money through GM, too, right? Maybe that explains some of the animosity that half the members here feel toward him? It feels like True Valhalla has a much worse reputation than he deserves here. Jealousy is an ugly thing. :)


Edited by HopelessComposer, 10 January 2016 - 06:26 AM.

  • 0

#220 N-cubo

N-cubo

    GMC Member

  • GMC Member
  • 85 posts
  • Version:GM:Studio

Posted 12 January 2016 - 04:23 PM

That moment when, from reddit, you land on the GMC and you discover a 3rd data breach.

 

May I ask if warning emails were sent? I didn't receive anything and just discovered this by pure luck...


Edited by N-cubo, 12 January 2016 - 04:23 PM.

  • 1

#221 Slammin Sam

Slammin Sam

    I craft juicy things

  • GMC Member
  • 854 posts
  • Version:GM:Studio

Posted 12 January 2016 - 04:32 PM

That moment when, from reddit, you land on the GMC and you discover a 3rd data breach.
 
May I ask if warning emails were sent? I didn't receive anything and just discovered this by pure luck...

Nope, no emails were sent. I commented about this a while ago, with no response. It's incredibly irresponsible not to send one.

You could have had your other accounts compromised, and an email warning may have prevented that.

Edited by Slammin Sam, 12 January 2016 - 04:32 PM.

  • 2

Nothing to see here...move along


#222 TDSrock

TDSrock

    Aedifex Praecantatio

  • GMC Member
  • 915 posts
  • Version:GM:Studio

Posted 12 January 2016 - 04:51 PM

That moment when, from reddit, you land on the GMC and you discover a 3rd data breach.
 
May I ask if warning emails were sent? I didn't receive anything and just discovered this by pure luck...

Nope, no emails were sent. I commented about this a while ago, with no response. It's incredibly irresponsible not to send one.

You could have had your other accounts compromised, and an email warning may have prevented that.

I agree, even now I think they should send one out in all honesty.
  • 0



#223 Mornedil

Mornedil

    GMC Member

  • GMC Member
  • 1450 posts
  • Version:GM:Studio

Posted 26 February 2016 - 08:06 AM

 

That moment when, from reddit, you land on the GMC and you discover a 3rd data breach.
 
May I ask if warning emails were sent? I didn't receive anything and just discovered this by pure luck...

Nope, no emails were sent. I commented about this a while ago, with no response. It's incredibly irresponsible not to send one.

You could have had your other accounts compromised, and an email warning may have prevented that.

 

 

Speaking of having other accounts compromised, someone just tried to reset my old Battle.net account via the email address I'm registered with here on the GMC. It's an old hotmail account I barely even use anymore, but I thought I might as well mention it here.


Edited by Mornedil, 26 February 2016 - 08:07 AM.

  • 0

~ Pause systems for your games ~




#224 Slammin Sam

Slammin Sam

    I craft juicy things

  • GMC Member
  • 854 posts
  • Version:GM:Studio

Posted 26 February 2016 - 08:45 AM

 

 

That moment when, from reddit, you land on the GMC and you discover a 3rd data breach.
 
May I ask if warning emails were sent? I didn't receive anything and just discovered this by pure luck...

Nope, no emails were sent. I commented about this a while ago, with no response. It's incredibly irresponsible not to send one.

You could have had your other accounts compromised, and an email warning may have prevented that.

 

 

Speaking of having other accounts compromised, someone just tried to reset my old Battle.net account via the email address I'm registered with here on the GMC. It's an old hotmail account I barely even use anymore, but I thought I might as well mention it here.

 

 

Which is exactly why it's a good idea to alert every registered account to prevent attacks on your user base, the same people who buy your software which keeps the company running. It's disrespectful not to.


  • 1

Nothing to see here...move along


#225 chance

chance

    GMC Member

  • Global Moderators
  • 8762 posts
  • Version:GM:Studio

Posted 26 February 2016 - 12:19 PM

Speaking of having other accounts compromised, someone just tried to reset my old Battle.net account via the email address I'm registered with here on the GMC. It's an old hotmail account I barely even use anymore, but I thought I might as well mention it here.


I think it's unlikely the GMC hacker wants your inactive battle.net account.

 

I'm just guessing, of course. But it's probably more likely someone mistyped their own account info, and specified yours instead. Perhaps you were notified via your GMC address because that's linked with the other account?


  • 0

#226 Nocturne

Nocturne

    Nocturne Games

  • Administrators
  • 25708 posts
  • Version:GM:Studio

Posted 26 February 2016 - 12:34 PM

Have a look here: https://haveibeenpwned.com/

 

Great site for checking where your emails have been leaked from... 


  • 4



#227 Lukan Spellweaver

Lukan Spellweaver

    Gay Wizard Freak & mcmonkey's plaything

  • GMC Member
  • 3704 posts
  • Version:GM:Studio

Posted 26 February 2016 - 07:22 PM

Have a look here: https://haveibeenpwned.com/

 

 

b04f62bc2d.png

This explains so much.
I've had several account breaches over the past few months.


  • 0


Find me on Itch.io | GameJolt | YouTube | Twitter | Facebook | Website | Ask.FM

 GMC Google Hangout | I liek monkehs

The GMC, here lies she. Kicked to the curb, with nary a word. She shall live on, though. Remain strong, bros.

Also: MIKE DAILLY TOLD ME TO UPDATE MY SIGNATURE


#228 Bleed

Bleed

    Chevalier

  • GMC Member
  • 763 posts
  • Version:GM:Studio

Posted 26 February 2016 - 08:20 PM

So basically, no matter how big the password is, or how many special characters it contains versus the simple passwords, initials and birth-year etc. It makes no difference whatsoever since it all gets collected the same way?


Edited by Bleed, 26 February 2016 - 08:24 PM.

  • 1



#229 NakedPaulToast

NakedPaulToast

    GM Studio/Mac/Win

  • GMC Member
  • 8808 posts
  • Version:GM:Studio

Posted 27 February 2016 - 02:42 AM

So basically, no matter how big the password is, or how many special characters it contains versus the simple passwords, initials and birth-year etc. It makes no difference whatsoever since it all gets collected the same way?

 

On what basis are you drawing that conclusion?


  • 0

If the Bible truly is inspired by God, you would think that somebody as omnipotent and all-knowing would have known to get his message out using TCP instead of UDP.

 


#230 Mornedil

Mornedil

    GMC Member

  • GMC Member
  • 1450 posts
  • Version:GM:Studio

Posted 27 February 2016 - 08:24 AM

 

So basically, no matter how big the password is, or how many special characters it contains versus the simple passwords, initials and birth-year etc. It makes no difference whatsoever since it all gets collected the same way?

 

On what basis are you drawing that conclusion?

 

 

"plain text passwords"

 

(see the 000webhost breach)


  • 0

~ Pause systems for your games ~




#231 Bleed

Bleed

    Chevalier

  • GMC Member
  • 763 posts
  • Version:GM:Studio

Posted 27 February 2016 - 09:50 AM

 

So basically, no matter how big the password is, or how many special characters it contains versus the simple passwords, initials and birth-year etc. It makes no difference whatsoever since it all gets collected the same way?

 

On what basis are you drawing that conclusion?

 

 

What is the alternative, brute-force through thousands of entries?


  • 0



#232 NakedPaulToast

NakedPaulToast

    GM Studio/Mac/Win

  • GMC Member
  • 8808 posts
  • Version:GM:Studio

Posted 27 February 2016 - 03:38 PM

 

 

So basically, no matter how big the password is, or how many special characters it contains versus the simple passwords, initials and birth-year etc. It makes no difference whatsoever since it all gets collected the same way?

 

On what basis are you drawing that conclusion?

 

 

"plain text passwords"

 

(see the 000webhost breach)

 

Didn't notice the 000webhost breach.

 

 

Wow. 


  • 0

If the Bible truly is inspired by God, you would think that somebody as omnipotent and all-knowing would have known to get his message out using TCP instead of UDP.

 


#233 chance

chance

    GMC Member

  • Global Moderators
  • 8762 posts
  • Version:GM:Studio

Posted 27 February 2016 - 04:17 PM

"plain text passwords"
 
(see the 000webhost breach)


A strong password can protect against guessers and brute-force attempts.  But if someone gains access to a site and steals data files containing passwords, email addresses, etc., then it doesn't really matter how strong (or weak) your password was.

 

EDIT:  just realized you're probably referring to how the password data is stored -- i.e., plain text vs. encrypted.   Not whether the password was simple (easy to guess), as a previous poster was discussing.


Edited by chance, 27 February 2016 - 04:30 PM.

  • 0
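
Added example, not part of any post in this thread: the plain-text versus hashed storage distinction the posts above turn on, run over a constructed two-account table to show which accounts a stolen copy of each table exposes. The account names, passwords, guess list and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

# Constructed sample accounts: one weak password, one strong one.
USERS = {
    "alice": "dragon1987",
    "bob": "v7#Qm!x2Lr^9tZpe4W",
}

# Constructed stand-in for a list of commonly used passwords.
COMMON_GUESSES = ["123456", "password", "dragon1987", "qwerty"]


def store_plaintext(users):
    """Weak scheme: the table holds the passwords themselves."""
    return dict(users)


def store_salted_hash(users):
    """Stronger scheme: per-user random salt plus a slow key-derivation function."""
    table = {}
    for name, password in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        table[name] = (salt, digest)
    return table


def exposed_from_plaintext(table):
    """A stolen plain-text table exposes every account, strong password or not."""
    return sorted(table)


def exposed_from_hashes(table, guesses):
    """A stolen hashed table exposes only passwords that appear in a guess list."""
    exposed = []
    for name, (salt, digest) in table.items():
        for guess in guesses:
            candidate = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, ITERATIONS)
            if hmac.compare_digest(candidate, digest):
                exposed.append(name)
                break
    return sorted(exposed)


def verify_login(table, name, password):
    """Normal login check against the hashed table (constant-time comparison)."""
    if name not in table:
        return False
    salt, digest = table[name]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("plain text table exposes:", exposed_from_plaintext(store_plaintext(USERS)))
    print("hashed table exposes:    ",
          exposed_from_hashes(store_salted_hash(USERS), COMMON_GUESSES))
```

With plain-text storage both accounts are exposed; with salted, slow hashing only the account whose password is on the guess list is, which is where password strength still matters after a database theft.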

#234 Strawbry_Jam

Strawbry_Jam

    Likes Toast

  • GMC Member
  • 345 posts
  • Version:Unknown

Posted 27 February 2016 - 05:17 PM

"plain text passwords"
 
(see the 000webhost breach)
 

Didn't notice the 000webhost breach.
 
 
Wow. 
000webhost didn't either. For 8 months. :) I was in the list. But they didn't get anything from me.

Edited by Strawbry_Jam, 27 February 2016 - 05:19 PM.

  • 1

#235 MakPo

MakPo

    GMC Member

  • New Member
  • 15 posts
  • Version:GM:Studio

Posted 28 February 2016 - 11:20 PM

Dear GMC community,

 

We are very sorry to announce that last night we discovered what appears to be a cyber attack in the GMC forum software. The attack has been instantly removed and we are still investigating the scope of the breach. We urge you to change your forum password as soon as possible, as usernames and passwords of the forum may have been compromised.

 

The breach appears to be fully contained within the forums directory structure. We therefore believe that no sensitive personal information has been compromised.

 

Please remember that in order to mitigate the damage of possible cyber attacks, we advise you not to use the same password on forums as you do anywhere else.
Again, we are very sorry for the inconveniences.

YoYo Games Ltd.

 

 

I just signed up last night, but I'm getting the "password.png" message at the top of my page. Is this still an ongoing issue?


  • 0

MakPo


#236 Luigi003

Luigi003

    GMC Member

  • GMC Member
  • 55 posts
  • Version:GM:Studio

Posted 28 February 2016 - 11:33 PM

 

Dear GMC community,

 

We are very sorry to announce that last night we discovered what appears to be a cyber attack in the GMC forum software. The attack has been instantly removed and we are still investigating the scope of the breach. We urge you to change your forum password as soon as possible, as usernames and passwords of the forum may have been compromised.

 

The breach appears to be fully contained within the forums directory structure. We therefore believe that no sensitive personal information has been compromised.

 

Please remember that in order to mitigate the damage of possible cyber attacks, we advise you not to use the same password on forums as you do anywhere else.
Again, we are very sorry for the inconveniences.

YoYo Games Ltd.

 

 

I just signed up last night, but I'm getting the "password.png" message at the top of my page. Is this still an ongoing issue?

 

It's not, but they don't delete it, to alert old users.

Regards~


  • 0